{"id":58062,"date":"2020-08-06T18:29:33","date_gmt":"2020-08-06T08:29:33","guid":{"rendered":"https:\/\/www.aspistrategist.ru\/?p=58062"},"modified":"2020-08-06T21:24:43","modified_gmt":"2020-08-06T11:24:43","slug":"small-businesses-on-the-front-line-as-australias-cybersecurity-strategy-released","status":"publish","type":"post","link":"https:\/\/www.aspistrategist.ru\/small-businesses-on-the-front-line-as-australias-cybersecurity-strategy-released\/","title":{"rendered":"Small businesses on the front line as Australia\u2019s cybersecurity strategy released"},"content":{"rendered":"
<\/figure>\n

Does Australia\u2019s cyber security strategy 2020<\/em><\/a>, released by the Home Affairs Department today, go far enough to address the cyber resilience of the nation\u2019s small and medium enterprises? The Australian SME sector comprised more than 2.3 million businesses as at June 2018, representing 9.8 million jobs, and in 2017\u201318 accounted for around a third of gross domestic profit<\/a>.<\/p>\n

A survey of small and medium businesses conducted by the Australian Cyber Security Centre in 2019 found that the sector is highly vulnerable to malicious cyber activity. It was the first cybersecurity survey by the federal government focused exclusively on the SME sector.<\/p>\n

Only 1,763 businesses responded to the survey, which represents less than 0.1% of SMEs. Nevertheless, it is a landmark report that warrants some attention and consideration.<\/p>\n

The 2020 cybersecurity strategy re-emphasises the importance government places on improving\u00a0 cybersecurity resilience. But the key question remains, why are SMEs still struggling to achieve effective cybersecurity standards?<\/p>\n

The ACSC\u2019s survey report confirms that a large proportion of Australian SMEs are likely to have inadequate cybersecurity practices in place. Given that the sector is a substantial contributor to the Australian economy and plays a crucial role in various supply chains, including ones with access to sensitive public and government information, this vulnerability represents a significant national risk.<\/p>\n

The report indicates that most SMEs know they are exposed to cybersecurity risk, but they don\u2019t really understand the underlying threats or the vulnerabilities leading to that risk. The reality is that most SMEs also don\u2019t understand how cybersecurity risk translates into business risk.<\/p>\n

This is a significant barrier to improved cybersecurity because, without a realistic understanding of the risks they face, SMEs are unlikely to make smart choices to address them.<\/p>\n

A good example of this is the ACSC\u2019s own Small business cyber security guide<\/em><\/a>. It discusses threats and a range of cybersecurity measures, including threat protection, vulnerability reduction and risk mitigation. However, it\u2019s not easily translated into the layman\u2019s language of SMEs.<\/p>\n

Business owners need clear and succinct explanations of the threats that apply to them, the vulnerabilities they need to address and the associated business risks. That needs to include industry-specific examples.<\/p>\n

The survey report concludes that SMEs may not be getting the level of protection they expect from using outsourced cybersecurity providers, which is likely having a negative impact on the adoption rate of those services. Small businesses should be encouraged to outsource their cybersecurity functions, but they need guidance on choosing a suitable cybersecurity service provider. They could benefit from references such as the Managed service provider better practice principles<\/em><\/a>, released in December 2018 by the ACSC.<\/p>\n

Government messaging has also been a problem. Despite there being plentiful cybersecurity information available online from federal and state governments, there\u2019s little consistency in format or content. The new cybersecurity strategy proposes that the Australian government \u2018work with large businesses and service providers to provide SMEs with cyber security information and tools\u2019. However, there would be great benefit in standardising the information and tools and ensuring that SMEs know where to find them and how to use them.<\/p>\n

Cybersecurity guides tend to take a broad-brush approach to recommended actions. Breaking that information down into smaller, focused areas, with clear achievable actions, might reduce complexity and confusion. A good start would be a short guide focusing on email, with an explanation about the benefits of a custom domain name, which surprisingly many SMEs still don\u2019t have.<\/p>\n

Another major issue to consider is the limited spending by SMEs on cybersecurity, which the report links to their low annual turnover. While there\u2019s no denying this is a factor, made even worse by the pandemic, a more likely reason is the priority a business places on implementing cybersecurity. Even though 80% of SME respondents rated cybersecurity as \u2018very important\u2019 to their business, spending on cybersecurity must still compete with many other financial demands that are rated \u2018essential\u2019.\u00a0 Most Australian SMEs don\u2019t see spending on cybersecurity as an imperative.<\/p>\n

Ultimately this attitude must change, and the government must be the driver of that change, through proactive influence. For example, the UK government offers the cyber essentials scheme<\/a>, an incremental maturity model applicable to SMEs. The scheme has been in operation for more than five years, and provides an assessment framework that can be adopted by businesses of all sizes.\u00a0 Businesses can become certified through a self-assessment process or can opt for a higher level of certification based on an independent audit. Australia\u2019s new cybersecurity strategy doesn\u2019t include such a toolset.<\/p>\n

The 2020 cybersecurity strategy includes welcome enhancements to the recognition of the vulnerability of the SME sector and a range of new initiatives. The sector is more than just the individual owners, employees and outputs. It\u2019s a key piece of our overall national cybersecurity resiliency, with unique problems that require targeted solutions. The next 12 months will be critical to seeing these targeted solutions designed and brought to life.<\/p>\n","protected":false},"excerpt":{"rendered":"

Does Australia\u2019s cyber security strategy 2020, released by the Home Affairs Department today, go far enough to address the cyber resilience of the nation\u2019s small and medium enterprises? The Australian SME sector comprised more than …<\/p>\n","protected":false},"author":847,"featured_media":58064,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_mi_skip_tracking":false,"footnotes":""},"categories":[1],"tags":[1060,1513,2138],"class_list":["post-58062","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-general","tag-australian-cyber-security-centre","tag-business","tag-cybersecurity"],"acf":[],"yoast_head":"\nSmall businesses on the front line as Australia\u2019s cybersecurity strategy released | The Strategist<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.aspistrategist.ru\/small-businesses-on-the-front-line-as-australias-cybersecurity-strategy-released\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Small businesses on the front line as Australia\u2019s cybersecurity strategy released | The Strategist\" \/>\n<meta property=\"og:description\" content=\"Does Australia\u2019s cyber security strategy 2020, released by the Home Affairs Department today, go far enough to address the cyber resilience of the nation\u2019s small and medium enterprises? The Australian SME sector comprised more than ...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.aspistrategist.ru\/small-businesses-on-the-front-line-as-australias-cybersecurity-strategy-released\/\" \/>\n<meta property=\"og:site_name\" content=\"The Strategist\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/ASPI.org\" \/>\n<meta property=\"article:published_time\" content=\"2020-08-06T08:29:33+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2020-08-06T11:24:43+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2020\/08\/GettyImages-163727876.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"683\" \/>\n\t<meta property=\"og:image:height\" content=\"512\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Ian Bloomfield\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@ASPI_org\" \/>\n<meta name=\"twitter:site\" content=\"@ASPI_org\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Ian Bloomfield\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.aspistrategist.ru\/#website\",\"url\":\"https:\/\/www.aspistrategist.ru\/\",\"name\":\"The Strategist\",\"description\":\"ASPI's analysis and commentary site\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.aspistrategist.ru\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-AU\"},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-AU\",\"@id\":\"https:\/\/www.aspistrategist.ru\/small-businesses-on-the-front-line-as-australias-cybersecurity-strategy-released\/#primaryimage\",\"url\":\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2020\/08\/GettyImages-163727876.jpg\",\"contentUrl\":\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2020\/08\/GettyImages-163727876.jpg\",\"width\":683,\"height\":512,\"caption\":\"Lock background v2.0\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.aspistrategist.ru\/small-businesses-on-the-front-line-as-australias-cybersecurity-strategy-released\/\",\"url\":\"https:\/\/www.aspistrategist.ru\/small-businesses-on-the-front-line-as-australias-cybersecurity-strategy-released\/\",\"name\":\"Small businesses on the front line as Australia\u2019s cybersecurity strategy released | The Strategist\",\"isPartOf\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/small-businesses-on-the-front-line-as-australias-cybersecurity-strategy-released\/#primaryimage\"},\"datePublished\":\"2020-08-06T08:29:33+00:00\",\"dateModified\":\"2020-08-06T11:24:43+00:00\",\"author\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/257572c0b802b38d3fd09773b415c123\"},\"breadcrumb\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/small-businesses-on-the-front-line-as-australias-cybersecurity-strategy-released\/#breadcrumb\"},\"inLanguage\":\"en-AU\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.aspistrategist.ru\/small-businesses-on-the-front-line-as-australias-cybersecurity-strategy-released\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.aspistrategist.ru\/small-businesses-on-the-front-line-as-australias-cybersecurity-strategy-released\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.aspistrategist.ru\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Small businesses on the front line as Australia\u2019s cybersecurity strategy released\"}]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/257572c0b802b38d3fd09773b415c123\",\"name\":\"Ian Bloomfield\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-AU\",\"@id\":\"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/ac65a5d23032fe50f8beab62414b5226?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/ac65a5d23032fe50f8beab62414b5226?s=96&d=mm&r=g\",\"caption\":\"Ian Bloomfield\"},\"url\":\"https:\/\/www.aspistrategist.ru\/author\/ian-bloomfield\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Small businesses on the front line as Australia\u2019s cybersecurity strategy released | The Strategist","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.aspistrategist.ru\/small-businesses-on-the-front-line-as-australias-cybersecurity-strategy-released\/","og_locale":"en_US","og_type":"article","og_title":"Small businesses on the front line as Australia\u2019s cybersecurity strategy released | The Strategist","og_description":"Does Australia\u2019s cyber security strategy 2020, released by the Home Affairs Department today, go far enough to address the cyber resilience of the nation\u2019s small and medium enterprises? The Australian SME sector comprised more than ...","og_url":"https:\/\/www.aspistrategist.ru\/small-businesses-on-the-front-line-as-australias-cybersecurity-strategy-released\/","og_site_name":"The Strategist","article_publisher":"https:\/\/www.facebook.com\/ASPI.org","article_published_time":"2020-08-06T08:29:33+00:00","article_modified_time":"2020-08-06T11:24:43+00:00","og_image":[{"width":683,"height":512,"url":"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2020\/08\/GettyImages-163727876.jpg","type":"image\/jpeg"}],"author":"Ian Bloomfield","twitter_card":"summary_large_image","twitter_creator":"@ASPI_org","twitter_site":"@ASPI_org","twitter_misc":{"Written by":"Ian Bloomfield","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebSite","@id":"https:\/\/www.aspistrategist.ru\/#website","url":"https:\/\/www.aspistrategist.ru\/","name":"The Strategist","description":"ASPI's analysis and commentary site","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.aspistrategist.ru\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-AU"},{"@type":"ImageObject","inLanguage":"en-AU","@id":"https:\/\/www.aspistrategist.ru\/small-businesses-on-the-front-line-as-australias-cybersecurity-strategy-released\/#primaryimage","url":"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2020\/08\/GettyImages-163727876.jpg","contentUrl":"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2020\/08\/GettyImages-163727876.jpg","width":683,"height":512,"caption":"Lock background v2.0"},{"@type":"WebPage","@id":"https:\/\/www.aspistrategist.ru\/small-businesses-on-the-front-line-as-australias-cybersecurity-strategy-released\/","url":"https:\/\/www.aspistrategist.ru\/small-businesses-on-the-front-line-as-australias-cybersecurity-strategy-released\/","name":"Small businesses on the front line as Australia\u2019s cybersecurity strategy released | The Strategist","isPartOf":{"@id":"https:\/\/www.aspistrategist.ru\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.aspistrategist.ru\/small-businesses-on-the-front-line-as-australias-cybersecurity-strategy-released\/#primaryimage"},"datePublished":"2020-08-06T08:29:33+00:00","dateModified":"2020-08-06T11:24:43+00:00","author":{"@id":"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/257572c0b802b38d3fd09773b415c123"},"breadcrumb":{"@id":"https:\/\/www.aspistrategist.ru\/small-businesses-on-the-front-line-as-australias-cybersecurity-strategy-released\/#breadcrumb"},"inLanguage":"en-AU","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.aspistrategist.ru\/small-businesses-on-the-front-line-as-australias-cybersecurity-strategy-released\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.aspistrategist.ru\/small-businesses-on-the-front-line-as-australias-cybersecurity-strategy-released\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.aspistrategist.ru\/"},{"@type":"ListItem","position":2,"name":"Small businesses on the front line as Australia\u2019s cybersecurity strategy released"}]},{"@type":"Person","@id":"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/257572c0b802b38d3fd09773b415c123","name":"Ian Bloomfield","image":{"@type":"ImageObject","inLanguage":"en-AU","@id":"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/ac65a5d23032fe50f8beab62414b5226?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/ac65a5d23032fe50f8beab62414b5226?s=96&d=mm&r=g","caption":"Ian Bloomfield"},"url":"https:\/\/www.aspistrategist.ru\/author\/ian-bloomfield\/"}]}},"_links":{"self":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts\/58062"}],"collection":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/users\/847"}],"replies":[{"embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/comments?post=58062"}],"version-history":[{"count":7,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts\/58062\/revisions"}],"predecessor-version":[{"id":58100,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts\/58062\/revisions\/58100"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/media\/58064"}],"wp:attachment":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/media?parent=58062"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/categories?post=58062"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/tags?post=58062"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}